On 12/12/2012 12:00 PM, Maciek Sokolewicz wrote:
On 12-12-2012 17:11, Curtis Maurand wrote:
I have several poisoned .js files on a server.  I can use find to
recursively find them and then use preg_replace to replace the string.
However the string is filled with single quotes, semi-colons and a lot
of other special characters.  Will
preg_relace(escapeshellarg($String),$replacement) work or do I need to
go through the entire string and escape what needs to be escaped?


First of all, why do you want to use preg_replace when you're not actually using regular expressions??? Use str_replace or stri_replace instead.

Aside from that, escapeshellarg() escapes strings for use in shell execution. Perl Regexps are not shell commands. It's like using mysqli_real_escape_string() to escape arguments for URLs. That doesn't compute, just like your way doesn't either.

If you DO wish to escape arguments for a regular expression, use preg_quote instead, that's what it's there for. But first, reconsider using preg_replace, since I honestly don't think you need it at all if the way you've posted (preg_replace(escapeshellarg($string),$replacement)) is the way you want to use it.
Thanks for your response. I'm open to to using str_replace. no issue there. my main question was how to properly get a string of javascript into a string that could then be processed. I'm not sure I can just put that in quotes and have it work. There are colons, "<",">", semicolons, and doublequotes. Do I just need to rifle through the string and escape the reserved characters or is there a function for that?


PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to